CVE-2023-6202

Name of the Vulnerable Software and Affected Versions Mattermost (affected versions not specified)

Description The issue is related to improper authorization in the "/plugins/focalboard/api/v2/users" endpoint, allowing an attacker who is a guest user and knows the ID of another user to obtain their information, such as name, surname, and nickname, via Mattermost Boards.

Recommendations As a temporary workaround, consider restricting access to the "/plugins/focalboard/api/v2/users" endpoint for guest users until a patch is available. Avoid using the user ID in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.